From dc14c5c7cededc2bd1bcf57076cab512b79a4fae Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 2 Nov 2006 08:14:23 +0000 Subject: automatic update git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4909 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/1999.list | 92 +++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 46 deletions(-) (limited to 'data/CVE/1999.list') diff --git a/data/CVE/1999.list b/data/CVE/1999.list index 6c30dc6dbf..0f93e7203f 100644 --- a/data/CVE/1999.list +++ b/data/CVE/1999.list @@ -97,7 +97,7 @@ CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2. TODO: check CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...) TODO: check -CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds ...) +CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...) TODO: check CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...) TODO: check @@ -222,7 +222,7 @@ CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.) TODO: check CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...) TODO: check -CVE-1999-1214 (Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not ...) +CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...) TODO: check CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...) TODO: check 
@@ -288,7 +288,7 @@ CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure TODO: check CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...) TODO: check -CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges in ...) +CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...) TODO: check CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...) TODO: check @@ -461,7 +461,7 @@ CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to g TODO: check CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...) TODO: check -CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module. ...) +CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...) TODO: check CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...) TODO: check @@ -485,7 +485,7 @@ CVE-1999-0954 (WWWBoard has a default username and default password. ...) TODO: check CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...) TODO: check -CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote ...) +CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...) TODO: check CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...) TODO: check @@ -859,7 +859,7 @@ CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to ga TODO: check CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...) TODO: check -CVE-1999-0710 (The RedHat squid program installs cachemgr.cgi in a public web ...) +CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...) {DSA-576-1} - squid 2.5.7-1 CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...) 
@@ -884,7 +884,7 @@ CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via ea TODO: check CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...) TODO: check -CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) ...) +CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...) TODO: check CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...) TODO: check @@ -918,7 +918,7 @@ CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client open TODO: check CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...) TODO: check -CVE-1999-0678 (A default configuration of Apache on Debian Linux sets the ServerRoot ...) +CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...) TODO: check CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...) TODO: check @@ -1000,7 +1000,7 @@ CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory TODO: check CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...) TODO: check -CVE-1999-0449 (Denial of service in IIS 4 with scripts from the ExAir sample site. ...) +CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...) NOT-FOR-US: Microsoft 
@@ -1102,7 +1102,7 @@ CVE-1999-0382 (The screen saver in Windows NT does not verify that its security TODO: check CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...) TODO: check -CVE-1999-0379 (Microsoft Taskpads feature allows remote web sites to execute commands ...) +CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...) NOT-FOR-US: Microsoft CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...) TODO: check @@ -1112,9 +1112,9 @@ CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by TODO: check CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...) TODO: check -CVE-1999-0374 (Debian Linux cfengine package is susceptible to a symlink attack. ...) +CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...) TODO: check -CVE-1999-0373 (Buffer overflow in the "Super" utility in Debian Linux and other ...) +CVE-1999-0373 (Buffer overflow in the "Super" utility in Debian GNU/Linux, and other ...) TODO: check CVE-1999-0372 (The installer for BackOffice Server includes account names and ...) TODO: check @@ -1136,7 +1136,7 @@ CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...) TODO: check CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...) TODO: check -CVE-1999-0357 (Denial of service in Windows systems using malformed oshare packets. ...) +CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...) TODO: check CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...) TODO: check 
@@ -1168,7 +1168,7 @@ CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users NOT-FOR-US: AIX CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...) NOT-FOR-US: AIX -CVE-1999-0335 (Buffer overflow in BSD and linux lpr command allows local users to ...) +CVE-1999-0335 (DEPRECATED. This entry has been deprecated. It is a duplicate of ...) TODO: check CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...) TODO: check @@ -1200,9 +1200,9 @@ CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to loc TODO: check CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...) TODO: check -CVE-1999-0314 (IRIX ioconfig program allows local users to gain root access ...) +CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...) TODO: check -CVE-1999-0313 (IRIX disk_bandwidth program allows local users to gain root access ...) +CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...) TODO: check CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...) TODO: check @@ -1214,7 +1214,7 @@ CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...) TODO: check CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...) TODO: check -CVE-1999-0305 (BSD sysctl control does not properly restrict source routing. ...) +CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...) TODO: check CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...) TODO: check 
@@ -1246,7 +1246,7 @@ CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denia TODO: check CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...) TODO: check -CVE-1999-0288 (Denial of service in WINS with malformed data to port 137 (NETBIOS ...) +CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...) TODO: check CVE-1999-0281 (Denial of service in IIS using long URLs. ...) NOT-FOR-US: Microsoft @@ -1268,11 +1268,11 @@ CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D char TODO: check CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...) TODO: check -CVE-1999-0270 (pfdispaly CGI program for SGI's Performer API Search Tool allows read ...) +CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...) TODO: check CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...) TODO: check -CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload and execute scripts. ...) +CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...) TODO: check CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...) TODO: check @@ -1284,7 +1284,7 @@ CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...) TODO: check CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...) TODO: check -CVE-1999-0262 (faxsurvey CGI script on Linux allows remote command execution via ...) +CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...) TODO: check CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...) TODO: check 
@@ -1312,7 +1312,7 @@ CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers TODO: check CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...) TODO: check -CVE-1999-0233 (IIS allows users to execute arbitrary commands using .bat or .cmd ...) +CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...) NOT-FOR-US: Microsoft CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...) NOT-FOR-US: Cisco @@ -1328,7 +1328,7 @@ CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that TODO: check CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...) TODO: check -CVE-1999-0219 (Buffer overflow in Serv-U FTP server when user performs a cwd to a ...) +CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...) TODO: check CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...) TODO: check @@ -1360,7 +1360,7 @@ CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an atta TODO: check CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...) TODO: check -CVE-1999-0196 (The websendmail program in the Webgais program allows a remote user to ...) +CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...) TODO: check CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...) TODO: check 
@@ -1388,7 +1388,7 @@ CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute co TODO: check CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a "cd .." ...) TODO: check -CVE-1999-0178 (The win-c-sample program in the WebSite web server has a buffer ...) +CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...) TODO: check CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...) TODO: check @@ -1464,7 +1464,7 @@ CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...) TODO: check CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...) TODO: check -CVE-1999-0132 (Expreserve, used in vi and ex, allows local users to overwrite ...) +CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...) TODO: check CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...) TODO: check @@ -1494,11 +1494,11 @@ CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...) NOT-FOR-US: AIX CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...) TODO: check -CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE ...) +CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...) NOT-FOR-US: AIX CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...) TODO: check -CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1 ...) +CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...) TODO: check CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...) TODO: check 
@@ -1514,7 +1514,7 @@ CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attacker TODO: check CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...) NOT-FOR-US: AIX -CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files ...) +CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...) TODO: check CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...) TODO: check @@ -1528,17 +1528,17 @@ CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain . NOT-FOR-US: AIX CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...) NOT-FOR-US: AIX -CVE-1999-0085 (rwhod buffer overflow in AIX ...) +CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...) NOT-FOR-US: AIX -CVE-1999-0084 (NFS mknod bug ...) +CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...) TODO: check -CVE-1999-0083 (getcwd() file descriptor leak in FTP ...) +CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...) TODO: check CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...) TODO: check CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...) TODO: check -CVE-1999-0080 (wu-ftp FTP server allows root access via "site exec" command. ...) +CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...) TODO: check CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...) TODO: check 
@@ -1554,15 +1554,15 @@ CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ... NOT-FOR-US: AIX CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...) TODO: check -CVE-1999-0070 (test-cgi program allows an attacker to list files on the server ...) +CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...) TODO: check CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...) TODO: check CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...) TODO: check -CVE-1999-0067 (CGI phf program allows remote command execution through shell ...) +CVE-1999-0067 (phf CGI program allows remote command execution through shell ...) TODO: check -CVE-1999-0066 (AnyForm CGI remote execution ...) +CVE-1999-0066 (AnyForm CGI remote execution. ...) TODO: check CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...) TODO: check @@ -1586,13 +1586,13 @@ CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...) TODO: check CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...) TODO: check -CVE-1999-0053 (TCP RST denial of service in FreeBSD ...) +CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...) TODO: check CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...) TODO: check CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...) TODO: check -CVE-1999-0050 (Buffer overflow in HP-UX newgrp program ...) +CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...) TODO: check CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...) TODO: check 
@@ -1602,7 +1602,7 @@ CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8. TODO: check CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...) TODO: check -CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script ...) +CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...) TODO: check CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...) TODO: check @@ -1610,11 +1610,11 @@ CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 .. TODO: check CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...) TODO: check -CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service) ...) +CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...) TODO: check CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...) TODO: check -CVE-1999-0039 (Arbitrary command execution using webdist CGI program in IRIX. ...) +CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...) TODO: check CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...) TODO: check @@ -1624,9 +1624,9 @@ CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creati TODO: check CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...) TODO: check -CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x ...) +CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...) TODO: check -CVE-1999-0032 (Buffer overflow in BSD-based lpr package allows local users to gain ...) +CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...) TODO: check CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...) NOT-FOR-US: Microsoft 
@@ -1654,7 +1654,7 @@ CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...) TODO: check CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...) TODO: check -CVE-1999-0016 (Land IP denial of service ...) +CVE-1999-0016 (Land IP denial of service. ...) TODO: check CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...) TODO: check @@ -1668,9 +1668,9 @@ CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciousl TODO: check CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...) TODO: check -CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program ...) +CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...) TODO: check -CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1 ...) +CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...) TODO: check CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...) TODO: check -- cgit v1.2.3
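Review bot: CVE-1999-0710 in the hunk at @@ -859,7 keeps its triage lines "{DSA-576-1}" and "- squid 2.5.7-1" as unchanged context while the description is rewritten from "The RedHat squid program installs cachemgr.cgi in a public web ..." to "The Squid package in Red Hat Linux 5.2 and 6.0, and other ...". This is the one entry in the patch that already carries a fixed version, so the new wording should be read in full and the annotation confirmed against it. An automatic description sync gives no signal when the scope of an already-triaged entry changes.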
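Review bot: In the hunk at @@ -1168,7, CVE-1999-0335 now reads "DEPRECATED. This entry has been deprecated. It is a duplicate of ..." yet the line beneath it is still "TODO: check". A deprecated duplicate has nothing left to triage, so the TODO should be resolved in the same change, with the duplicate's id taken from the full upstream description (it is truncated in this list). The old text was "Buffer overflow in BSD and linux lpr command", so the CVE-1999-0032 line changed in the @@ -1624,9 hunk ("Buffer overflow in lpr, as used in BSD-based systems including Linux, ...") is the obvious entry to compare against.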
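Review bot: CVE-1999-0288 in the hunk at @@ -1246,7 is left at "TODO: check" even though its new description, "The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...", names a Microsoft-only component. The next entry in the same hunk, CVE-1999-0281, is already "NOT-FOR-US: Microsoft", and CVE-1999-0288 can be closed the same way. CVE-1999-0357 in the @@ -1136,7 hunk is different: its new text says "Windows 98 and other operating systems", so that one should stay open until the other systems are identified.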
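Review bot: CVE-1999-0085 in the hunk at @@ -1528,17 stays marked "NOT-FOR-US: AIX", but the description changes from "rwhod buffer overflow in AIX ..." to "Buffer overflow in rwhod on AIX and other operating systems allows ...". The AIX-only classification no longer follows from the text. The entry should go back to "TODO: check" until it is known which other systems are meant, rather than staying closed on the strength of the old wording.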